Skip to content

Use case "Simple HTTP agent"

This scenario outlines a straightforward use case in which we employ a graphical user interface (GUI) to establish an HTTP listener. Subsequently, an agent is configured to connect to this listener. Following this setup, we execute various commands within the agent and retrieve the results from these commands. This process demonstrates the ease with which users can set up communication channels and interact with the agent, facilitating the execution of commands and the monitoring of their outcomes through the GUI.

Prerequisites

  • Ensure that both the Command and Control (C2) and the Graphical User Interface (GUI) components are operational within their respective Docker containers
  • Be aware of the specific network locations (IP addresses or hostnames) where both the C2 and GUI services are actively running
  • Access to a web browser is required for interfacing with the GUI component :)

Steps

  • To initiate the process, launch a web browser and establish a connection to the GUI-based machine through the port activated by the GUI web service. For me (and probably for lot of you, the service is running on localhost and port 12702)
    Upon successfully connecting, you will be greeted by a login interface. Here, you are required to enter the URL of the Command and Control (C2) server along with your login credentials.

alt text

  • Once you have successfully logged in, you will be directed to the agents list view.

alt text

  • Navigate to the "Listeners" option from the left-hand menu, which will bring up the listener view. Here, you can click on the large plus sign to open a new dialog for creating a listener.

alt text

alt text

  • In the new listener dialog, select the "shelldot.listener.agent-reverse-http" as the listener type. Following this selection, you will be presented with a subsequent dialog that enables you to swiftly configure your chosen listener. Within this configuration, the "Host" value is particularly crucial as it specifies the address that the agent will use to establish a connection to the Command and Control (C2) listener. Along with port number of course.

alt text

  • Upon successfully creating the new listener, it will be added to the list of listeners. At this point, you have the option to click on the agent creation button to generate a new agent. This new agent will be configured to establish a connection with the listener you have just set up.

alt text

  • This action will prompt a new dialog to appear, providing you with the opportunity to select the type of agent you wish to create. Typically, you will opt for either the "WINDOWS_X64" or "WINDOWS_X86" versions, both of which are straightforward executable files.

alt text

  • After downloading the agent executable, proceed to run it on the target machine. Following this action, if you navigate back to the agents view, you will observe the newly added agent listed there. To initiate control over this agent, simply click on the console button associated with it. This action will open a console window, providing you with direct access to command and control the agent.

alt text

alt text

  • Within the console window, you are now equipped to begin inputting commands. For instance, you can execute a PowerShell command on the agent by providing it with the --command parameter followed by "ls". This command will initiate the "ls" command within the PowerShell environment of the agent's machine. After a brief waiting period, the results of this command execution will be returned to you.

alt text

alt text